The Aspen release provides major feature and stability improvements to the GovReady-Q GRC software.
Version 0.10 Aspen contains multiple, customer-driven improvements:
Over 150 sample components based on DOD STIGs and SRGs.
Private components, component usage approvals, and component responsible roles.
An integrations framework for interacting with third-party APIs including other GRC software.
Improved questionnaire editing screens.
Major bug fixes.
More generous MIT open source license.
The Aspen release has been under stealth development with select customers for 10 months
and provides a solid foundation for even more exciting innovations to come.
*******************************************************************************
* IMPORTANT! RELEASES BETWEEN v0.9.11.2 and v0.10.0 CONTAIN BREAKING CHANGES! *
* PLEASE READ CHANGELOGS FOR ALL VERSIONS! *
*******************************************************************************
Feature changes
Support private components.
Assign responsible roles to components and appointing parties to roles.
Integrations framework for better inclusion of information from remote services.
Component usage approval workflow.
Single Sign On OIDC support.
New questionnaire authoring and editing interface.
Over 150 sample components created from DOD STIGS.
Add form to create system from string or URLs.
UI changes
Change label 'certified statement' to 'reference statement'.
Warning Message appears at the top of home page and login page while using an Internet Explorer browser informing the user of Internet Explorer not being supported.
Indicate private components with lock icon.
Edit model for component in library supports marking component private.
Add React component UI widget for setting and editing permissions on component editing.
Add ability to change privacy of a component is given only to the owner of the component.
Added tabs for coponent requests.
Only Component owner can edit user permissions.
Display the control framework along side of controls in component control listing page.
Remove icons from project listing.
Add Component search filter to filter results to components owned by user.
Add form to create system from string or URLs.
Change language in interface to 'system, systems' instead of 'project, projects'.
Navigate users to new system form page as starting point to creating new systems.
Developer changes
Add support for OIDC SSO configuration separate from OKTA SSO configuration.
Update Django, libraries.
Remove debug-toolbar.
Support for private components by adding 'private' boolean field to controls.models.Element.
Support for hidden components by adding 'hidden' boolean field to controls.models.Element.
Support for requiring approval components by adding 'require_approval' boolean field to controls.models.Element.
Create new components as private and assign owner permissions to user who created the component.
Added extensible Integrations Django appplication to support communication with third-party services via APIs, etc.
Added initial support for DoJ's CSAM integration.
Added ElementPermissionSerializer for component (element) permissions.
Add tests for component creation form user interface.
Add ElementPermissionSerializer, UpdateElementPermissionSerializer, RemoveUserPermissionFromElementSerializer for component (element) permissions.
Add ElementWithPermissionsViewSet for component (element) permissions.
Add more permission functions to element model: assigning a user specific permissions, removing all permissions from a user, and checking if a user is an owner of the element.
Updated User model to include search by 'username' and exclusion functionality to queryset.
Add model Roles, Party, and Appointments to siteapp to support identifying roles on Components (Element).
Assign owners to components imported via OSCAL. If no user is identified during component (element creation) assign first Superuser (administrator) as component owner.
Support navigating to specific tab on component library component page using URL hash (#) reference.
Protype integrations System Summary page.
Refactor and OIDC authentication for proper testing of admin and not admin roles.
Create a new system via name given by a string in URL.
Add a large set of sample components (150+) generated from STIGs.
Detect Apple ARM platform (e.g. 'M1 chip') and use alternate backend Dockerfile with Chromium install commented out.
Added SystemEvent object in controls to track system events.
Bug fixes
Fix permissions for non-admin members of projects to edit control implementation statements.
Fix User lookup to properly query search results and exclude specific users
Resolve components not displaying the tag widget by properly setting existingTags default for new component.
Footer fixes.
Assign owners to default components (elements) created during install first_run script.
Correctly display POA&M forms with left-side menu.
Refactor and OIDC authentication for proper testing of admin and not admin roles.
Welcome to GovReady-q v0.10.0 "Aspen".
The Aspen release provides major feature and stability improvements to the GovReady-Q GRC software.
Version 0.10 Aspen contains multiple, customer-driven improvements:
Over 150 sample components based on DOD STIGs and SRGs.
Private components, component usage approvals, and component responsible roles.
An integrations framework for interacting with third-party APIs including other GRC software.
Improved questionnaire editing screens.
Major bug fixes.
More generous MIT open source license.
The Aspen release has been under stealth development with select customers for 10 months and provides a solid foundation for even more exciting innovations to come.
Feature changes
UI changes
Developer changes
Bug fixes